Identity architecture design – Azure Architecture Center

Identity and access management (IAM) architectures provide frameworks for protecting data and resources. Internal networks establish security boundaries in on-premises systems. In cloud environments, perimeter networks and firewalls aren’t sufficient for managing access to apps and data. Instead, public cloud systems rely on identity solutions for boundary security.

An identity solution controls access to an organization’s apps and data. Users, devices, and applications have identities. IAM components support the authentication and authorization of these and other identities. The process of authentication controls who or what uses an account. Authorization controls what that user can do in applications.

Whether you’re just starting to evaluate identity solutions or looking to expand your current implementation, Azure offers many options. One example is Azure Active Directory (Azure AD), a cloud service that provides identity management and access control capabilities. To decide on a solution, start by learning about this service and other Azure components, tools, and reference architectures.

Architecture diagram that shows Azure AD in a cloud environment. Connections to apps, devices, and other components are also visible.

Introduction to identity on Azure

If you’re new to IAM, the best place to start is with Microsoft Learn. This free online training platform offers videos, tutorials, and hands-on learning for various products and services.

The following resources can help you learn the core concepts of IAM.

Learning paths


Path to production

After you’ve covered the fundamentals of identity management, the next step is to develop your solution.


To explore options for identity solutions, consult these resources:

  • For a comparison of three services that provide access to a central identity, see Compare self-managed Active Directory Domain Services, Azure Active Directory, and managed Azure Active Directory Domain Services.

  • To learn how to make IAM resilient, see Resilient identity and access management with Azure AD.

  • To compare options for reducing latency when integrating with an Azure network, see Integrate on-premises AD with Azure.

  • For information on associating billing offers with an Azure AD tenant, see Azure billing offers and Active Directory tenants.

  • To evaluate options for an identity and access foundation, see Azure identity and access management design area.

  • To explore ways to organize resources that you deploy to the cloud, see Resource organization.

  • For a comparison of various authentication options, see Choose the right authentication method for your Azure Active Directory hybrid identity solution.

  • For a comprehensive hybrid identity solution, see How Azure AD Delivers Cloud Governed Management for On-Premises Workloads.

  • To learn how Azure AD Connect integrates on-premises directories with Azure AD, see What is Azure AD Connect?


When you’ve decided on an approach, implementation comes next. For deployment recommendations, see these resources:

Best practices

Suite of baseline implementations

These reference architectures provide baseline implementations for various scenarios:

Stay current with identity

Azure AD receives improvements on an ongoing basis.

Additional resources

The following resources provide practical recommendations and information for specific scenarios.

Azure AD in educational environments

Information for Amazon Web Services (AWS) and Google Cloud professionals
